Versions Compared

Old Version 2

changes.mady.by.user Petteri Kivimäki

Saved on

compared with

New Version Current

changes.mady.by.user Petteri Kivimäki

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note

It’s important that the values of the three configuration parameters are aligned with each other and the policies of the certificate authorityCertificate Authority. For example, the ocspFetchInterval parameter must be smaller than the ocspFreshnessSeconds parameter, or otherwise, the Security Server considers the responses expired before new ones are fetched.

...

The Security Server fetches new OCSP responses using a fixed interval that is 20 minutes by default. The fetch interval is configured on the Central Server using the ocspFetchInterval global configuration parameter extension by the X-Road operator. An OCSP response is considered expired by the Security Server if it was issued too far in the past OR there’s already new status information available.

...

Omitting the nextUpdate attribute is done on the Central Server using the verifyNextUpdate global configuration parameter extension by the X-Road operator.

Info

More information about the nextUpdate parameter is available in the Central Server User Guide.

...